Information Security Office

Regular, Full time

The Ontario Securities Commission (OSC) is the statutory body responsible for regulating Ontario’s capital markets in accordance with the mandate established in the provincial Securities Act and the Commodity Futures Act. The mandate of the OSC is to provide protection to investors from unfair, improper or fraudulent practices, to foster fair, efficient and competitive capital markets and confidence in the capital markets, to foster capital formation, and to contribute to the stability of the financial system and the reduction of systemic risk. This mandate is performed through policy, operational, adjudication and enforcement work. The OSC also contributes to national and global securities regulation development.

We offer a diverse, fair, and flexible work environment and take pride in our challenging and rewarding work.

The Ontario Securities Commission (OSC) is responsible for regulating Ontario’s capital markets. Our mandate is to provide protection to investors from unfair, improper, or fraudulent practices, to foster fair, efficient and competitive capital markets, and confidence in the capital markets, to foster capital formation, and to contribute to the stability of the financial system and the reduction of systemic risk. This mandate is performed through policy, operational, adjudication and enforcement work. The OSC also contributes to national and global securities regulation development.

We are looking for a highly skilled and experienced Chief Information Security Officer (CISO) to join our leadership team in Toronto, Ontario. As our CISO, you will shape the future of information security at the OSC and develop and implement strategies to protect our organization from evolving cyber threats.

You will have the opportunity to work alongside globally renowned regulators and thought leaders as we execute against our digitally enabled business strategy to protect investors and foster fair, efficient and competitive capital markets.

If you have a proven track record within complex technology environments and are a dynamic, self-directed, adaptable, mission-driven leader with a passion for achieving strategic goals while fostering a culture of excellence, we want to hear from you!

About the Job

Reporting to the COO, the Chief Information Security Officer (CISO) is responsible for establishing information security strategies to protect the OSC against cyber threats and ensuring adherence to industry standards and best practices. This role will also be responsible for designing, implementing, and monitoring an information security governance, risk, and compliance control framework to support the confidentiality, integrity, and availability of the OSC’s information assets. In addition, this role includes the development and implementation of policies and procedures designed to protect enterprise information assets, communications systems, and facilities from both internal and external threats, as well as auditing existing systems and processes to ensure compliance with current policies and standards.

What the role entails:

Strategy and Governance

  • Develop and maintain a robust information security strategy and program aligned with OSC’s business objectives, industry best practices and applicable Government programs and directives.
  • Collaborate with senior management to ensure alignment of information security strategies and programs with overall business objectives.
  • Establish and enforce security policies, standards and procedures.
  • Provide updates on security strategies and plans to executives, the Board and other stakeholders as required.
  • Promote and oversee strategic security relationships with external entities, including other government agencies, vendors, and partner organizations.

Risk Assessment and Mitigation

  • Monitor and assess the organization’s security posture, identifying vulnerabilities and risks.
  • Conduct security & threat risk assessments and security evaluations.
  • Define, manage and support information security reviews by third party vendors as required.
  • Present risk assessment results and remediation plans to the senior leadership team and the Board as required.
  • Proactively manage and track information security related risks and corresponding action plans with due dates to ensure that the issues are resolved.
  • Stay informed about emerging security threats and recommend an appropriate course of action.

Security Awareness and Training

  • Develop and manage the organization’s information security training and awareness programs.
  • Promote security awareness across the organization.

Incident Response and Recovery

  • Develop and maintain information security incident response plans, procedures, third-party arrangements, and audits.
  • Assist with the design and implementation of disaster recovery, business continuity, and incident response plans and audits.
  • Coordinate and lead incident response efforts during security incidents.
  • Communicate updates on security incidents to relevant stakeholders, including senior leadership and the Board.

Supplier Risk Management

  • Assess security risks associated with third party service suppliers.
  • Working with the legal and procurement teams, ensure that contracts include appropriate clauses.
  • Monitor vendor compliance with security requirements.

Secure Technology and Infrastructure

  • Develop and enforce policies and standards for acquiring, implementing, and operating new systems and technologies.
  • Lead the security design of “projects” (application, infrastructure etc.) as required.
  • Serve as a technical adviser for projects and provide technical support on matters related to information security.
  • Working with the information technology and data teams, evaluate, select and implement security technologies (e.g. firewalls, intrusion detection systems, encryption tools, etc.).
  • Oversee the design and maintenance of secure IT infrastructure.

Operational Management

  • Develop, track, and control the Information Security unit’s annual operating and capital budgets for purchasing, staffing, and operations.
  • Develop and report on Information Security metrics.
  • Collaborate with Information Services, General Counsel Office (Privacy Officer), Corporate Services and Human Resources to establish and maintain a system for ensuring that security and privacy policies are met.
  • Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies.
  • Remain informed on trends and issues in the security industry, including current and emerging technologies and prices.

What you will bring to the role:

Formal Education & Certification

  • An undergraduate degree in Information Technology, Computer Science, Engineering or equivalent. Information security specific coursework is an asset.
  • CISSP, CISM, CISA or equivalent certification is required.

Knowledge & Experience

  • 10+ years of broad and progressive experience managing and/or directing Information Security Operations.
  • Proven experience in planning, organizing, and developing IT security and facility security system technologies.
  • Experience in planning and executing security policies and standards development.
  • Excellent knowledge of technology environments, including cloud security, network security, operating system security, physical and environmental security, and defense-in-depth solutions.
  • Considerable knowledge of business theory, business processes, management, budgeting, and business office operations.
  • Substantial exposure to data processing, hardware platforms, enterprise software applications, and outsourced systems.
  • Good understanding of computer systems characteristics, features, and integration capabilities.
  • Experience with systems design and development from business requirements analysis through to day-to-day management.
  • Excellent understanding of project management principles.
  • Knowledge of secure application development practices and how they can be used effectively.
  • In-depth knowledge of applicable laws and regulations as they relate to information security.
  • Experience collaborating with or managing vendors and auditors.
  • Proven leadership ability.

Personal Attributes

  • Ability to set and manage priorities judiciously.
  • Excellent written and oral communication skills.
  • Excellent interpersonal skills.
  • Strong negotiating skills.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Exceptionally self-motivated and directed.
  • Keen attention to detail.
  • Superior analytical, evaluative, and problem-solving abilities.
  • Exceptional service orientation.
  • Proven ability to manage competing priorities and work under pressure.
  • Ability to motivate in a team-oriented, collaborative environment.

What we offer at the OSC!

  • Competitive compensation package which includes performance-based incentives and a premier pension plan.
  • Generous vacation and personal time entitlements.
  • Best in class comprehensive health and wellness benefit package which includes gym membership discounts with Goodlife Fitness.
  • Tuition reimbursement program.
  • Training and development programs.
  • Flexible hybrid work environment (3 days in office each week at 20 Queen Street West).

Grow your career and make a difference working at the OSC.

  • OSC Employees: please apply in Workday using the Browse Jobs feature within your Jobs Hub.

We thank all applicants for their interest in the Ontario Securities Commission. We will contact those selected for an interview.

The OSC is committed to diversity and providing an inclusive workplace and providing accommodation in accordance with the Accessibility for Ontarians with Disabilities Act and the Human Rights Code. It is our priority to ensure employment opportunities are visible and barrier-free to all under-represented groups including but not limited to, Indigenous, Black and racialized groups, people with disabilities, women and people from the LGBTQ2S community, to achieve an employee demographic profile reflective of the demographic profile of Ontarians.

The OSC is a proud partner with the following organizations: BlackNorth Initiative, Canadian Centre for Diversity and Inclusion, and Pride at Work Canada.

If you require an accommodation during the recruitment process, please let us know by contacting our confidential inbox HRRecruitment@osc.gov.on.ca. 

Visit Accessibility at the OSC to review the OSC’s policies on accessibility and accommodation in the workplace.

Confirmed 15 hours ago. Posted 30+ days ago.
